• Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap
The Hack Post
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health
No Result
View All Result
The Hack Post
No Result
View All Result

Joomla! 3.6.4 Admin TakeOver Exploit is Now Public

Alizaib Hassan by Alizaib Hassan
February 6, 2017
Share on FacebookShare on Twitter

A few days ago, a Joomla exploit has surfaced on the internet affecting the version 3.6.4 by allowing an attacker to take administrative control over the website using the Content Management System (CMS). An exploiter named Charles Fol has taken credit and has made the 0day public by posting it to exploit databases.

When the exploit is executed on a targeted Joomla website, it allows hackers to register and then provides and grants administrative privileges to the newly registered account.

Screenshot of Joomla! 3.6.4 Admin TakeOver Exploit
Screenshot of Joomla! 3.6.4 Admin TakeOver Exploit

Hackers can use this exploit to not only deface their web page but can also download their whole database, hijack traffic or even root the servers by uploading a malicious shell.

Staff at Joomla have not publicly addressed the exploit yet and it is unknown as of yet whether or not a patch has been released in response to the vulnerability.

A similar exploit has existed for versions 3.4.4 to 3.6.4 of Joomla. A video was uploaded on the 8th of November, 2016 by the user “Macedonian Security Crew” and it shows a full Proof of Concept (PoC). The video demonstrates an in-depth analysis on the exploit in a 23 minute display and gives further information on how to execute the exploit onto vulnerable websites using Metasploit.

The security staff at Joomla need to be on high alert and keep an eye out on vulnerabilities and exploits like these so clients and users who implement the Joomla CMS on their websites don’t feel threatened by the risk posed by malicious hackers and exploits. The severity of this exploit alone has been major, posing a very high-security risk for those vulnerable. The staff at Joomla can take a page out of their competitor WordPress’s book.

Recently a couple of vulnerabilities were found in WordPress’s REST API, which we reported on a few days ago. The security team at WordPress dealt with the situation much better by immediately deploying a patch for those affected by the bugs.

The severity of that exploit in comparison to this one is almost the same. So whether or not Joomla staff are aware of the bugs, they need to take initiative and solve the problem at hand faster. We advise those who are affected to upgrade to the latest version of the CMS to avoid falling victim to this admin takeover exploit.

Tags: Joomla 3.6.4 ExploitJoomla Exploit
Alizaib Hassan

Alizaib Hassan

Writer and content creator at The Hack Post. My adamant love for blogging, web development and programming has made me realise that contributing what I know is not only educative but also fun. Discussing topics with others is what drove me to become an author and I love every single moment of it. Founder of www.azhblog.com

Next Post

openSUSE Hacked by Kurdish Hacker

Latest Articles

The Premier Choice for Cesspool Service near Ronkonkoma, NY
Business

The Premier Choice for Cesspool Service near Ronkonkoma, NY

May 26, 2023
A-1 Sewer & Drain
Business

A-1 Sewer and Drain

May 26, 2023
What is Content at Scale and How Does it Help Boost Your Content?
news

What is Content at Scale and How Does it Help Boost Your Content?

May 26, 2023
The Evolution of Payment Systems in the Cryptocurrency Landscape
Business

The Evolution of Payment Systems in the Cryptocurrency Landscape

May 25, 2023
Reasons Small Business Loans get rejected
news

Reasons Small Business Loans get Rejected

May 16, 2023
A Complete Guide on Mobile App Wrapping
Technology

A Complete Guide on Mobile App Wrapping

May 16, 2023
Best Roofing Company in Indianapolis
news

Best Roofing Company in Indianapolis

May 16, 2023
Sealants for Industrial Processes Introducing CJM Centritec Non Contact Seals and CinchSeal Rotary Shaft Seals
news

Sealants for Industrial Processes: Introducing CJM Centritec Non Contact Seals and CinchSeal Rotary Shaft Seals

May 15, 2023
Building Custom Generative AI Models with TensorFlow
Technology

Building Custom Generative AI Models with TensorFlow

May 13, 2023
Secure Your Gaming Experience Top Tips for Safer Online Play
Entertainment

Secure Your Gaming Experience: Top Tips for Safer Online Play

May 11, 2023
windows in europe Everything You Need to Know
news

Windows in Europe: Everything You Need to Know

May 4, 2023
4 Advantages You Can Get Using WordPress Alternatives
Technology

4 Advantages You Can Get Using WordPress Alternatives

April 29, 2023
  • Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap

The Hack Post © 2019

No Result
View All Result
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health

The Hack Post © 2019